OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] ANN: Building Web Services the REST Way

[ Lists Home | Date Index | Thread Index ]

 >>>Imagine requesting medical
>>>records; because of my "only endpoints" requirement -- imposed by
>>>us HIPPA regulations -- SSL will not suffice.)
>>Could you describe how SSL fails to satisfy?
> Perhaps the HTTPS server isn't the endpoint in the sense relevant to the 
> security constraint ... but it will see the cleartext URI.

Yes.  In addition, SSL works by having two parties share a common key. 
That makes digital signature and non-repudiable disclosure impossible: 
each party could claim the other signed or exposed the data.  Public-key 
crypto does not have those attributes.


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS